1 Answer
- Newest
- Most votes
- Most comments
0
Hi Neal, The way ABAC (Attribute-based access control) is based on Tags, check this 1 and 2 , this is an example of s3 policy:
{ "Version": "2012-10-17", "Statement": [ { "Principal": { "AWS": [ "arn:aws:iam::111122223333:role/JohnDoe" ] }, "Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectVersion"], "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*", "Condition": { "StringEquals": {"s3:ExistingObjectTag/Department": "bigdata"} } } ] }
answered 7 days ago
Relevant content
- Accepted Answerasked 2 years ago
- asked 2 years ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 6 months ago